Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to check hit counts on Identity NAT

 

Hi Everyone,

 

I have identity NAT config like below

static(inside,outside) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

when i do sh nat how can i check hit counts for above rule?

ASA version is 8.2

 

Regards

Mahesh

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

If you just use "show xlate"

If you just use "show xlate" without the count keyword it will show you exactly which NAT rules its talking about. That command gives you the active xlate slots currently in use.

The "show nat" is more of a cumulative "hit count". If you add the "detail" command it will similarly show you more detail about the hits.

Identity NAT is similar to NAT exemption or no NAT n that an address is translated to itself. The example you show the output of above is not identity NAT since the 10.0.0.0/8 network is being translated to the ASA outside interface.

4 REPLIES
Hall of Fame Super Silver

Mahesh,"show xlate" (and

Mahesh,

"show xlate" (and optionally use various keywords such as "count" or pipe output to include only desired addresses) should do the trick for you. i.e.,

show xlate count

show xlate | i 10.

New Member

 Hi Marvin,sh xlate

 

Hi Marvin,

sh xlate count

shows 2 used and 2 used most

does this mean that only 2 NAT rules are used ?

 

Also i did sh nat

match ip inside 10.0.0.0 255.0.0.0 outside any
    static translation to 10.0.0.0
    translate_hits = 0, untranslate_hits = 16648

Need to confirm if this is Identity NAT hits?

 

Regards

MAhesh

Hall of Fame Super Silver

If you just use "show xlate"

If you just use "show xlate" without the count keyword it will show you exactly which NAT rules its talking about. That command gives you the active xlate slots currently in use.

The "show nat" is more of a cumulative "hit count". If you add the "detail" command it will similarly show you more detail about the hits.

Identity NAT is similar to NAT exemption or no NAT n that an address is translated to itself. The example you show the output of above is not identity NAT since the 10.0.0.0/8 network is being translated to the ASA outside interface.

New Member

 Many thanks Marvin

 

Many thanks Marvin

423
Views
0
Helpful
4
Replies